Merge branch 'release-1.0.1'

Author: Kristan Kenney

README.md

@@ -117,4 +117,4 @@ If you would like to help our developers cover their time and infrastucture cost
 
 License
 =============================
-Hestia Control Panel is licensed under [GPL v3](https://github.com/hestiacp/hestiacp/blob/master/LICENSE) license, and is based on the [VestaCP](https://www.vestacp.com/) project.<br>
+Hestia Control Panel is licensed under [GPL v3](https://github.com/hestiacp/hestiacp/blob/master/LICENSE) license, and is based on the [VestaCP](https://www.vestacp.com/) project.<br>

bin/v-add-letsencrypt-host

@@ -0,0 +1,81 @@
+#!/bin/bash
+# info: add letsencrypt for host and backend
+# options:
+#
+# The function check and validates the backend certificate and generate
+# a new let's encrypt certificate.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user="admin"
+domain=$HOSTNAME
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+is_format_valid 'user' 'domain' 'aliases'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Check if hostname already exists as domain
+if [ "$($BIN/v-list-web-domain $user $domain plain |cut -f 1)" != "$domain" ]; then
+    # Create web domain for hostname
+    $BIN/v-add-web-domain $user $domain
+fi
+
+# Validate web domain
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+get_domain_values 'web'
+
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Set ssl installation to yes
+add_ssl="yes"
+
+if [ "$SSL" = "yes" ]; then
+    # Valildate SSL Certificate
+    if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
+        if openssl verify -CAfile $USER_DATA/ssl/$domain.ca $USER_DATA/ssl/$domain.pem | grep -q "$domain.pem: OK"; then
+            add_ssl="no"
+        fi
+    else
+        if openssl verify $USER_DATA/ssl/$domain.pem | grep -q "$domain.pem: OK"; then
+            add_ssl="no"
+        fi
+    fi
+fi
+
+# Add let's encrypt ssl if needed
+if [ "$add_ssl" = "yes" ]; then
+    # Add let's encrypt ssl
+    $BIN/v-add-letsencrypt-domain $user $domain
+fi
+
+# Add certificate to backend
+$BIN/v-update-host-certificate $user $domain
+
+
+#----------------------------------------------------------#
+#                        Hestia                            #
+#----------------------------------------------------------#
+
+exit

bin/v-add-mail-domain

@@ -108,7 +108,9 @@ if [[ "$MAIL_SYSTEM" =~ exim ]]; then
 
     # Set ownership
     chown -R $MAIL_USER:mail $HOMEDIR/$user/conf/mail/$domain
-    chown -R dovecot:mail $HOMEDIR/$user/conf/mail/$domain/passwd
+    if [ "$IMAP_SYSTEM" = 'dovecot' ]; then
+        chown -R dovecot:mail $HOMEDIR/$user/conf/mail/$domain/passwd
+    fi
     chown $user:mail $HOMEDIR/$user/mail/$domain_idn
 fi
 
@@ -129,7 +131,9 @@ fi
 
 # Add webmail configuration to mail domain
 if [ ! -z "$WEB_SYSTEM" ] || [ ! -z "$PROXY_SYSTEM" ]; then
-    $BIN/v-add-webmail $user $domain '' 
+    if [ ! -z "$IMAP_SYSTEM" ]; then
+        $BIN/v-add-webmail $user $domain ''
+    fi
 fi
 
 #----------------------------------------------------------#

bin/v-add-sys-sftp-jail

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add system sftp jail
-# options: NONE
+# options: [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -14,6 +14,7 @@ source /etc/profile
 source $HESTIA/func/main.sh
 source $HESTIA/conf/hestia.conf
 
+restart=$1
 
 #----------------------------------------------------------#
 #                    Verifications                         #
@@ -45,11 +46,13 @@ if [ -z "$sftp_i" ]; then
     echo "    X11Forwarding no" >> $config
     echo "    AllowTCPForwarding no" >> $config
     echo "    ForceCommand internal-sftp" >> $config
-    restart='yes'
 fi
 
 # Validating opensshd config
-if [ "$restart" = 'yes' ]; then
+if [ "$restart" = 'no' ]; then
+   # Skipping SSH Restart
+   echo "" >  /dev/null 2>&1
+else
     subj="OpenSSH restart failed"
     email=$(grep CONTACT $HESTIA/data/users/admin/user.conf |cut -f 2 -d \')
     /usr/sbin/sshd -t >/dev/null 2>&1
@@ -59,7 +62,6 @@ if [ "$restart" = 'yes' ]; then
         echo -e "$mail_text" |$SENDMAIL -s "$subj" $email
     else
         service ssh restart >/dev/null 2>&1
-        service sshd restart >/dev/null 2>&1
     fi
 fi
 

bin/v-add-user-sftp-jail

@@ -1,6 +1,6 @@
 #!/bin/bash
 # info: add user sftp jail
-# options: USER
+# options: USER [RESTART]
 #
 # The script enables sftp jailed environment
 
@@ -11,6 +11,7 @@
 
 # Argument definition
 user=$1
+restart=$2
 
 # Includes
 source $HESTIA/func/main.sh
@@ -62,8 +63,12 @@ chown root:root /home/$user
 #----------------------------------------------------------#
 
 # Restart ssh service
-service ssh restart > /dev/null 2>&1
-service sshd restart > /dev/null 2>&1
+if [ "$restart" = 'no' ]; then
+    # Skip restart of SSH daemon
+    echo "" > /dev/null 2>&1
+else
+    service ssh restart > /dev/null 2>&1
+fi
 
 # Logging
 log_event "$OK" "$ARGUMENTS"

bin/v-add-web-domain

@@ -114,7 +114,13 @@ if [ "$aliases" = 'none' ]; then
 else
     ALIAS="www.$domain"
     if [ -z "$aliases" ]; then
-        ALIAS="www.$domain"
+        # Check and skip www alias for subdomains.
+        IFS='.' read -r -a domain_elements <<< "$domain"
+        if [ "${#domain_elements[@]}" -gt 2 ]; then
+            ALIAS=""
+        else
+            ALIAS="www.$domain"
+        fi
     else
         ALIAS="$aliases"
     fi

bin/v-add-webmail

@@ -45,6 +45,7 @@ check_args '2' "$#" 'USER DOMAIN [RESTART]'
 is_format_valid 'user' 'domain'
 is_system_enabled "$MAIL_SYSTEM" 'MAIL_SYSTEM'
 is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'
+is_system_enabled "$IMAP_SYSTEM" 'IMAP_SYSTEM'
 is_object_valid 'user' 'USER' "$user"
 is_object_unsuspended 'user' 'USER' "$user"
 is_object_valid 'mail' 'DOMAIN' "$domain"
@@ -54,39 +55,44 @@ is_object_unsuspended 'mail' 'DOMAIN' "$domain"
 #                       Action                             #
 #----------------------------------------------------------#
 
-# Ensure DNS record exists if Hestia is hosting DNS zones
-if [ ! -z "$DNS_SYSTEM" ]; then
-    dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
-    webmail_record=$($BIN/v-list-dns-records $user $domain | grep -i $WEBMAIL_ALIAS | cut -d' ' -f1)
-
-    if [ "$dns_domain" = "$domain" ]; then
-        if [ -z "$webmail_record" ]; then
-            $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
-        else
-            $BIN/v-delete-dns-record $user $domain $webmail_record
-            $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+# Verify that webmail alias variable exists
+if [ ! -z "$WEBMAIL_ALIAS" ]; then
+    # Ensure DNS record exists if Hestia is hosting DNS zones
+    if [ ! -z "$DNS_SYSTEM" ]; then
+        dns_domain=$($BIN/v-list-dns-domains $user | grep $domain | cut -d' ' -f1)
+        webmail_record=$($BIN/v-list-dns-records $user $domain | grep -i $WEBMAIL_ALIAS | cut -d' ' -f1)
+
+        if [ "$dns_domain" = "$domain" ]; then
+            if [ -z "$webmail_record" ]; then
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+            else
+                $BIN/v-delete-dns-record $user $domain $webmail_record
+                $BIN/v-add-dns-record $user $domain $WEBMAIL_ALIAS A $ip
+            fi
         fi
     fi
-fi
 
-# Add webmail configuration to mail domain
-WEBMAIL_TEMPLATE="default"
-if [ "$WEB_SYSTEM" = "nginx" ]; then
-    WEBMAIL_TEMPLATE="web_system"
-fi
-add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.tpl"
+    # Add webmail configuration to mail domain
+    WEBMAIL_TEMPLATE="default"
+    if [ "$WEB_SYSTEM" = "nginx" ]; then
+        WEBMAIL_TEMPLATE="web_system"
+    fi
+    add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.tpl"
 
-if [ ! -z "$PROXY_SYSTEM" ]; then
-    add_webmail_config "$PROXY_SYSTEM" "default.tpl"
-fi
+    if [ ! -z "$PROXY_SYSTEM" ]; then
+        add_webmail_config "$PROXY_SYSTEM" "default.tpl"
+    fi
 
-# Enable SSL for webmail if available
-if [ -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt ] || [ "$SSL" = 'yes' ]; then
-    add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.stpl"
+    # Enable SSL for webmail if available
+    if [ -f $HOMEDIR/$user/conf/mail/$domain/ssl/$domain.crt ] || [ "$SSL" = 'yes' ]; then
+        add_webmail_config "$WEB_SYSTEM" "${WEBMAIL_TEMPLATE}.stpl"
 
-    if [ ! -z "$PROXY_SYSTEM" ]; then
-        add_webmail_config "$PROXY_SYSTEM" "default.stpl"
+        if [ ! -z "$PROXY_SYSTEM" ]; then
+            add_webmail_config "$PROXY_SYSTEM" "default.stpl"
+        fi
     fi
+else
+    echo "Error: WEBMAIL_ALIAS is not defined in hestia.conf"
 fi
 
 #----------------------------------------------------------#

bin/v-change-sys-port

@@ -72,7 +72,9 @@ if [ "$ORIGINAL_PORT" = "$PORT" ]; then
 else
     # Replace port in config files.
     sed -i "/listen/c\        listen          $PORT ssl;" $HESTIA/nginx/conf/nginx.conf
-    sed -i "/password_hestia_port/c\$rcmail_config['password_hestia_port'] = '$PORT';" /etc/roundcube/plugins/password/config.inc.php
+    if [ -d /etc/roundcube/ ]; then
+        sed -i "/password_hestia_port/c\$rcmail_config['password_hestia_port'] = '$PORT';" /etc/roundcube/plugins/password/config.inc.php
+    fi
     sed -i "/COMMENT='HESTIA'/c\RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='$PORT' IP='0.0.0.0/0' COMMENT='HESTIA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'" $HESTIA/data/firewall/rules.conf
 
     # Restart services

bin/v-change-sys-release

@@ -27,9 +27,9 @@ if [ -z "$branch" ]; then
     echo "Usage: v-change-sys-release branchname"
     echo ""
     echo "Common release branches:"
-    echo "(*) master:   Stable releases only"
-    echo "(*) beta:     Beta builds which are being prepared for release"
-    echo "(*) develop:  Daily development builds"
+    echo "(*) release:      The latest stable release available via APT"
+    echo "(*) prerelease:   Beta/release candidate releases"
+    echo "(*) master:       The latest development code from GitHub"
     echo ""
     echo "You can also specify another branch name from the"
     echo "GitHub repository to install the code from that branch."
@@ -49,7 +49,7 @@ else
 
     # Set new branch variable
     echo "RELEASE_BRANCH='$branch'" >> $HESTIA/conf/hestia.conf
-    echo "Changed system release to update from Git branch: $branch"
+    echo "Changed system release to update from branch: $branch"
 fi
 
 #----------------------------------------------------------#

bin/v-change-web-domain-hsts

@@ -0,0 +1,75 @@
+#!/bin/bash
+# info: add/remove HSTS support from a domain
+# options: USER DOMAIN STATUS
+#
+# This function will enable or disable HSTS (HTTP Strict Transport Security)
+# for a web domain.
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+# Argument definition
+user=$1
+domain=$2
+domain_idn=$2
+status=$3
+
+# Includes
+source $HESTIA/func/main.sh
+source $HESTIA/func/domain.sh
+source $HESTIA/conf/hestia.conf
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+check_args '2' "$#" 'USER DOMAIN'
+is_format_valid 'user' 'domain'
+is_object_valid 'user' 'USER' "$user"
+is_object_unsuspended 'user' 'USER' "$user"
+is_object_valid 'web' 'DOMAIN' "$domain"
+is_object_unsuspended 'web' 'DOMAIN' "$domain"
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Load domain data
+eval $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)
+
+# Check if SSL is enabled
+if [ "$SSL" != 'yes' ]; then
+    echo "Error: SSL is not enabled"
+    exit $E_NOTEXIST
+fi
+
+# Check for Apache/Nginx or Nginx/PHP-FPM configuration
+if [ -z $PROXY_SYSTEM ]; then
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$WEB_SYSTEM.hsts.conf"
+else
+    hstsconf="$HOMEDIR/$user/conf/web/$domain/$PROXY_SYSTEM.hsts.conf"
+fi
+
+if [ "$status" = "on" ]; then
+    echo 'add_header Strict-Transport-Security "max-age=15768000;" always;' > $hstsconf
+    echo "HTTP Strict Transport Security (HSTS) turned on for $domain."
+elif [ "$status" = "off" ]; then
+    rm -f $hstsconf
+    nginx -s reload
+    echo "HTTP Strict Transport Security (HSTS) turned off for $domain."
+else
+    echo "Error: Invalid mode specified."
+    echo "Usage: v-change-web-domain-hsts USER DOMAIN [ON / OFF]"
+fi
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_history "Enabled HTTP Strict Transport Security on $domain."
+log_event "$OK" "$ARGUMENTS"
+
+exit